[go: up one dir, main page]

US11190347B2 - Method and device for allocating QKD network resources and computer-readable storage medium thereof - Google Patents

Method and device for allocating QKD network resources and computer-readable storage medium thereof Download PDF

Info

Publication number
US11190347B2
US11190347B2 US16/732,539 US202016732539A US11190347B2 US 11190347 B2 US11190347 B2 US 11190347B2 US 202016732539 A US202016732539 A US 202016732539A US 11190347 B2 US11190347 B2 US 11190347B2
Authority
US
United States
Prior art keywords
service
resources
network
key
qkd
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active, expires
Application number
US16/732,539
Other versions
US20200358606A1 (en
Inventor
Yongli Zhao
Xiang Liu
Xiaosong YU
Yajie LI
Jie Zhang
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing University of Posts and Telecommunications
Original Assignee
Beijing University of Posts and Telecommunications
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing University of Posts and Telecommunications filed Critical Beijing University of Posts and Telecommunications
Assigned to BEIJING UNIVERSITY OF POSTS AND TELECOMMUNICATIONS reassignment BEIJING UNIVERSITY OF POSTS AND TELECOMMUNICATIONS ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: LI, Yajie, LIU, XIANG, YU, Xiaosong, ZHANG, JIE, ZHAO, YONGLI
Publication of US20200358606A1 publication Critical patent/US20200358606A1/en
Application granted granted Critical
Publication of US11190347B2 publication Critical patent/US11190347B2/en
Active legal-status Critical Current
Adjusted expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/12Transmitting and receiving encryption devices synchronised or initially set up in a particular manner
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0852Quantum cryptography

Definitions

  • the disclosure relates to communication technology, in particular to a method and a device for allocating quantum key distribution (QKD) network resources and also a non-transitory computer-readable storage medium.
  • QKD quantum key distribution
  • optical networks may utilize QKD technology to distribute keys for the data services.
  • quantum keys used by a pair of remote nodes may also be distributed and relayed by multiple groups of point-to-point QKD systems. While distributing the quantum keys by multiple groups of point-to-point QKD systems, a number of encryption/decryption operations on the quantum keys allocated may be needed, which may consume a certain period of time. Thus, a certain time delay may occur in the current key distribution process.
  • some services that requires encryption transmitted in the QKD network are delay-sensitive services, such as high-frequency information relating to the stock market, encrypted instant messages, and so on.
  • the keys for different types of services may be transmitted through a same pre-determined quantum key distribution route. And only after a key between a source node and a destination node is determined, the source node may encrypt the service with the key and transmit the service to the destination node. And then the destination node would decrypt the service. While in the transmission of the key, a large delay may be caused by multiple times of encrypting and decrypting while relaying the key among the nodes due to the long physical distance between the source node and the destination node. And the delay would not meet the requirements of the services which are delay sensitive.
  • Examples of the present disclosure provide a method for allocating QKD network resources, which can meet the requirements of different services that require encryption and increase the utilization rate of network resources.
  • the method for allocating QKD network resources may include:
  • the nodes in the network structure represent quantum nodes in the QKD network; the lines among the nodes in the network structure represent physical connections among the quantum nodes in the QKD network.
  • the nodes in the key topology represent quantum nodes in the QKD network; and a line between any two of the nodes in the key topology represent that a shared key pair exists between the quantum nodes in the QKD network.
  • the method may further include the following steps before the service arrives:
  • determining whether the service is delay sensitive or not may include the following steps:
  • the delay tolerance parameter represents the number of encryptions/decryptions that is accepted by the service
  • distributing quantum key resources to the service according to the key topology may include the following steps:
  • selecting at least one path satisfying the delay tolerance parameter from the key topology path set of node pair may include the following steps:
  • distributing quantum key resources to the service according to the network structure of the QKD network may include:
  • the method may further include:
  • the method may further include:
  • locking the wavelength resources allocated to the service comprises: selecting and locking wavelength resources to be occupied in the set of links in the network structure of the QKD network.
  • the method may further include:
  • locking the quantum key resources allocated to the service comprises: selecting and locking key slot resources in the virtual quantum key pool to be occupied by the service.
  • Examples of the present disclosure also provide a device for allocating QKD network resources, which can be used to realize the above method for allocating the QKD network resources.
  • the device may include:
  • a topology acquisition module configured to acquire the network structure of a QKD network and construct a key topology according to distributions of quantum key resources in the QKD network;
  • a service judgment module configured to determine, in response to arrival of a service requiring encryption, whether the service is delay sensitive or not;
  • a first distribution module configured to distribute quantum key resources to the service according to the key topology when the service is delay sensitive
  • a second distribution module configured to distribute quantum key resources to the service according to the network structure when the service is not delay sensitive.
  • the method and the device for allocating QKD network resources provided by examples of the present disclosure can obtain the network structure and construct a key topology according to the distributions of the quantum key resources in the QKD network, thus the quantum key resources distribution for delay-sensitive services according to the key topology and the quantum key resources distribution for delay-insensitive services according to the network structure can be carried out. Therefore, services with multiple delay requirements can be flexibly processed. And limited quantum key resources of the QKD network can be utilized efficiently.
  • FIG. 1 is a schematic diagram illustrating a communication process of a quantum network.
  • FIG. 2 is a flow diagram illustrating a method for allocating QKD network resources according to some examples of the present disclosure.
  • FIG. 3 is a diagram illustrating the architecture of a QKD network with five nodes according to some examples of the present disclosure.
  • FIG. 4 is a diagram illustrating the network structure of a QKD network according to some examples of the present disclosure.
  • FIG. 5 is a diagram illustrating the key topology of a QKD network according to some examples of the present disclosure.
  • FIG. 6 is a flow diagram illustrating a method for allocating QKD network resources according to some other examples of the present disclosure.
  • FIG. 7 is a diagram illustrating the architecture of a QKD network with three nodes according to some examples of the present disclosure.
  • FIG. 8 is a diagram illustrating the structure of a device for allocating QKD network resources according to some examples of the present disclosure.
  • FIG. 1 is a schematic diagram illustrating a communication process of a quantum network.
  • the quantum network may include a plurality of quantum nodes and a plurality of links.
  • the quantum nodes may be configured to implement functions such as receiving, transmitting and storing.
  • channels in the links may be divided into synchronization optical channels, quantum channels and negotiation channels.
  • the synchronization optical channel may be used for transmitting a periodic optical signal to assist the synchronization process.
  • the quantum channel may be used for transmitting quantum optical signals.
  • the negotiation channel may be used for transmitting negotiation information such as basis vector comparison information, bit error information, verification information and the like.
  • an encryption may be first performed at the quantum node 1 to form a key service including a synchronization optical signal, a quantum signal and a negotiation signal, and then the key service may be transmitted to the quantum node 2 through three channels respectively.
  • the quantum node 2 may first decrypt the key service. And the same encryption process may be performed at the quantum node 2 as that of the quantum node 1 . Then the quantum node 2 may further transmit the key service to the quantum node 3 . And finally, the quantum node 3 may decrypt the key service.
  • FIG. 2 is a flow diagram illustrating a method for allocating QKD network resources according to some examples of the present disclosure.
  • the method for allocating QKD network resources may include:
  • S 1 the network structure of a QKD network is obtained, and a key topology of the QKD network is constructed according to distributions of quantum key resources in the QKD network.
  • the network structure generally represents an actual linking status of network nodes, i.e. nodes, links, and etc.
  • the nodes in the network structure represent quantum nodes in the QKD network, and the lines among the nodes in the network structure represent physical connections among the quantum nodes.
  • virtual quantum key resources may be pre-configured in some remote node pairs to avoid quantum key relays between a remote node pair. That is, a virtual quantum key pool would be pre-configured for each remote node pair. In the virtual quantum key pool, quantum key resources pre-configured for the remote node pair are stored. Therefore, when distributing quantum key resources within the whole network, it would be difficult to represent the distributions of quantum key resources only relaying on the network structure of the QKD network.
  • a key topology of the QKD network is defined.
  • quantum keys in the QKD network always appear in pairs and are held together by a network node pair.
  • the quantum keys are virtualized as virtual quantum key pools in the QKD network.
  • the nodes in the key topology represent quantum nodes of the QKD network, and a line connecting a node pair represents a virtual quantum key pool of the node pair, wherein the line does not represent a physical connection, nor a spatial distance, but represents that shared key pairs exist between the two nodes of the node pair.
  • the attributes of the line may include the number of quantum keys pre-configured and the number of hops between two nodes in the network.
  • FIG. 3 is a diagram illustrating the architecture of a QKD network with five nodes, in which a quantum key distribution can be performed between any two nodes. If there is no advanced deployment of quantum key resources, the key topology may be consistent with the network structure of QKD network. However, actually there would be enough quantum key resources deployed in advance through relaying between any two nodes in the QKD network, and the virtual quantum key pool is shown as the QKD layer in FIG. 3 , therefore the network structure of the QKD network would be shown as FIG. 4 , and the key topology of the QKD network would be shown as FIG. 5 .
  • delay-sensitive services such as high-frequency information relating to the stock market, encrypted instant messages and the like. And the delay tolerance (DT) of this kind of services is low.
  • the other type of services is delay-insensitive services, such as encrypted file transmission, encrypted information distribution, encrypted data migration and so on. And the DT of this kind of services is relatively high.
  • S 2 may include the following steps: in response to arrival of the service, detecting whether of a DT parameter is set for the service or not; wherein, the DT parameter represents the number of encryption/decryption operations accepted by the service.
  • the DT of a service may indicate the tolerance on delay of the service, i.e. how many times of encryption/decryption operations performed by the relay nodes that the service can tolerate. The smaller the DT indicates the higher the requirements on the delay of the service.
  • the method may further include:
  • the number of hops between the node pair of the source node and the destination node would be taken as an evaluation criterion for the paths in the network structure and in the key topology.
  • KSP k-shortest paths
  • all the paths between the nodes of each node pair in the network structure would be calculated in advance.
  • all the paths between the nodes of each node pair may be sorted from small to large according to the number of hops, and the sorting result would be stored as the network structure path set in the corresponding nodes of the node pair.
  • the node may select a path from the network structure path set stored in itself.
  • all the paths between the nodes of each node pair in the key topology would be calculated in advance according to the KSP algorithm. And all the paths between the nodes of each node pair would be sorted from small to large according to the number of hops, and the sorting result would be stored as a key topology path set in the corresponding nodes of the node pair. And when allocating quantum key resources, the node may select at least one path from the key topology path set stored in itself.
  • the quantum key resources of a delay-sensitive service should not be carried by a path that has multiple relays. That is because excessive delays may be added every time the quantum key is encrypted and decrypted by a relay node. And this delay would not meet the requirements of this type of service.
  • a best way to distribute quantum key resources is to transmit the quantum key resources without any encryption or decryption operation of the relay node. That is, a lowest delay of a service would be obtained when only one encryption operation is performed at the source node and only one decryption operation is performed at the destination node. Therefore, for the delay-sensitive services, the quantum key resources stored in the virtual quantum key pool of a node pair should be used.
  • S 3 may include the following steps:
  • selecting at least one path satisfying the DT parameter from the key topology path set of node pair may include the following steps:
  • the DT in a key topology is used to represent the delay requirements of a service, and the DT in a QKD network can be considered as the number of hops between two nodes in the key topology.
  • paths of the network structure path set are traversed and selected corresponding to the node pair of the source node and the destination node. In this step, all the paths in the network structure path set corresponding to node pair of the source node and the destination node with the number of hops of relays smaller than the DT of the service would be selected.
  • quantum key resources required by the service would be distributed through the at least one path selected according to the k-shortest path algorithm (note that multiple paths can be selected according to the k-shortest path algorithm, and the quantum key resources distributed by the multiple paths can be accumulated).
  • quantum key resources are distributed to the service according to the network structure.
  • S 4 may include the following steps:
  • quantum key resources required by each service are allocated according to the K-shortest path algorithm from the network structure path set corresponding to the node pair of the source node and the destination node (note that multiple paths can be selected according to the k-shortest path algorithm, and the quantum key resources distributed by the multiple paths can be accumulated).
  • the method may further include: when detecting that the quantum key resources available cannot meet the requirements of the service, the service is determined to be blocked and then the service will be discarded.
  • the method may further include: after distributing the quantum key resources to the service, selecting at least one path from the network structure path set of the node pair of the source node and the destination node according to the first-fit (FF) algorithm; and distributing wavelength resources to the service through the at least one path selected.
  • FF first-fit
  • the FF algorithm is only an option that could be used to select the path, other algorithm can be adopted in embodiments of the present disclosure.
  • wavelength resources may be allocated to the service based on the network structure. Specifically, the paths in the network structure path set corresponding to the node pair of the source node and the destination node are traversed, and wavelength resources are allocated to the service based on the FF algorithm. And if the wavelength resources allocated to the service are not sufficient, the service may be blocked, and a next service that requires encryption may be then processed.
  • FIG. 6 is a flow diagram illustrating the process of a method for allocating QKD network resources according to some other examples of the present disclosure. Referring to FIG. 6 , the method may include:
  • quantum key resources are allocated to the service according to the sequence of paths in the key topology path set, and then proceed to step S 603 .
  • quantum key resources are allocated to the service according to the sequence of paths in the network structure path set, and then proceed to step S 603 .
  • step S 603 whether the amount of the quantum key resources allocated meets the requirements of the service is determined, when the amount of the quantum key resource allocated does not meet the requirements of the service, proceed to step S 604 , and when the amount of the quantum key resource allocated meets the requirements of the service, proceed to step S 605 .
  • the quantum key resources in the virtual quantum key pool to be occupied by the service are selected and locked.
  • the occupancy status of quantum key resources in each virtual quantum key pool of the QKD network is updated.
  • wavelength resources are allocated to the service according to the network structure path set.
  • step S 608 whether the wavelength resources allocated meets the requirements of the service is determined, when the wavelength resources allocated does not meet the requirements of the service, proceed to step S 609 , and when the wavelength resources allocated meets the requirements of the service, proceed to step S 610 .
  • step S 609 it is determined that the wavelength resources are not available for the service, and the service is blocked. Then a next service that requires encryption may be processed.
  • the quantum key resources locked in step S 605 may be released.
  • the wavelength resources to be occupied in a set of links that are occupied in the network structure of the QKD network are selected and locked.
  • a link may refer to a node-to-node QKD link; while a path may refer to a path between two nodes of a remote node pair formed by at least one QKD link.
  • the quantum key resources are relayed by relay nodes between the node pair of the source node and the destination node.
  • the key resources required by the service are obtained by the node pair of the source node and the destination node by relaying.
  • the service is carried out utilizing the quantum key resources allocated.
  • the quantum key resources (a quantum key pair) allocated are used for encrypting the data service. And the encrypted data service is then transmitted to the destination node by the source node.
  • FIG. 7 is a diagram illustrating the architecture of a QKD network with three nodes according to some examples of the present disclosure.
  • the QKD network includes two QKD subsystems.
  • the first QKD subsystem includes quantum node A and quantum node B
  • the second QKD subsystem includes quantum node A and quantum node C.
  • Quantum key pairs would be pre-stored in corresponding quantum node pairs such as the quantum node A and the quantum node B (hereinafter named node pair AB), and the quantum node A and the quantum node C (hereinafter named node pair AC).
  • QKD optical fibers between the node pair AB can generate true random number sequences (quantum key resources) for the node pair AB
  • QKD optical fibers between the node pair AC can generate true random number sequences (quantum key resources) for the node pair AC.
  • a key management server A-B may be deployed between the node pair AB
  • a key management server A-C may be deployed between the node pair AC.
  • node pair BC For there are only data fibers but no QKD optical fibers between the quantum node B and the quantum node C (hereinafter named node pair BC), and there is a virtual quantum key pool between the node pair BC in which there stores quantum key resources, the quantum key resources between the node pair BC may be obtained by relaying quantum keys between the node pairs AB and AC, and a key management server B-C may be deployed to manage the status, the extraction and the injection of the quantum keys between the node pair BC.
  • the rectangular in FIG. 7 are used to represent quantum key resources in a virtual quantum key pool, dark colors represent delay-sensitive services, and light colors represent delay-insensitive services.
  • the key management server B-C When a delay-sensitive service arrives at the node pair BC, the key management server B-C is used to distribute quantum key resources from the virtual quantum key pool of the node pair BC to carry out the service.
  • the key management servers A-B and A-C are used to distribute quantum key resources from the virtual quantum key pool of the node pair AB and from the virtual quantum key pool of the node pair AC to carry out the service.
  • the network structure of the QKD network is obtained and a key topology can be constructed according to the distributions of quantum key resources in the QKD network.
  • quantum key resources are distributed according to the key topology
  • quantum key resources are distributed according to the network structure of the QKD network.
  • examples of the present disclosure also provide a device for allocating QKD network resources which can realize the processes of the above QKD network resource allocation method.
  • FIG. 8 is a diagram illustrating the structure of a device for allocating QKD network resources according to some examples of the present disclosure.
  • the device may include:
  • a topology acquisition module 1 configured to obtain the network structure of the QKD network and construct a key topology according to distributions of quantum key resources in the QKD network;
  • a service judgment module 2 configured to determine, in response to arrival of a service requiring encryption, whether the service is delay sensitive or not;
  • a first distribution module 3 configured to distribute quantum key resources to the service according to the key topology when the service is delay sensitive;
  • a second distribution module 4 configured to distribute quantum key resources to the service according to the network structure when the service is not delay sensitive.
  • the network structure of the QKD network is obtained and a key topology can be constructed according to the distributions of quantum key resources in the QKD network.
  • quantum key resources are distributed according to the key topology
  • quantum key resources are distributed according to the network structure.
  • Examples of the present disclosure also provide a device for allocating QKD network resources, which may include: one or more processors, one or more memories, and a communication bus configured to couple the one or more processors and the one or more memories; wherein the one or more memories store one or more instructions, and when executed by the one or more processors, the instructions cause the one or more processors to perform the above method for allocating QKD network resources.
  • Examples of the present disclosure also provide a non-transitory computer-readable storage medium, including one or more instructions, when executed by one or more processors, cause the one or more processors to perform the above method for allocating QKD network resources.
  • DRAM dynamic RAM

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Physics & Mathematics (AREA)
  • Electromagnetism (AREA)
  • Theoretical Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

Disclosed is a method for allocating QKD network resources, which includes the following steps: obtaining a network structure of a QKD network, and constructing a key topology according to distributions condition of quantum key resources in the QKD network; in response to arrival of a service requiring encryption, judging whether the encrypted service is delay sensitive; when the service is delay sensitive, distributing quantum key resources to the service according to the key topology of the QKD network; and when the service is not delay sensitive, distributing quantum key resources to the service according to the network structure of the QKD network. Moreover, the present disclosure also provides a device for allocating QKD network resources and a non-transitory computer-readable storage medium.

Description

CROSS-REFERENCE TO RELATED APPLICATIONS
The application claims priority of Chinese patent application CN201910380704.9, filed on May 8, 2019, the entire contents of which are incorporated herein by reference.
TECHNICAL FIELD
The disclosure relates to communication technology, in particular to a method and a device for allocating quantum key distribution (QKD) network resources and also a non-transitory computer-readable storage medium.
BACKGROUND
In order to guarantee the safety of data transmission in the optical networks, now optical networks may utilize QKD technology to distribute keys for the data services. And quantum keys used by a pair of remote nodes may also be distributed and relayed by multiple groups of point-to-point QKD systems. While distributing the quantum keys by multiple groups of point-to-point QKD systems, a number of encryption/decryption operations on the quantum keys allocated may be needed, which may consume a certain period of time. Thus, a certain time delay may occur in the current key distribution process.
However, some services that requires encryption transmitted in the QKD network are delay-sensitive services, such as high-frequency information relating to the stock market, encrypted instant messages, and so on. But, in conventional QKD networks, the keys for different types of services may be transmitted through a same pre-determined quantum key distribution route. And only after a key between a source node and a destination node is determined, the source node may encrypt the service with the key and transmit the service to the destination node. And then the destination node would decrypt the service. While in the transmission of the key, a large delay may be caused by multiple times of encrypting and decrypting while relaying the key among the nodes due to the long physical distance between the source node and the destination node. And the delay would not meet the requirements of the services which are delay sensitive.
SUMMARY
Examples of the present disclosure provide a method for allocating QKD network resources, which can meet the requirements of different services that require encryption and increase the utilization rate of network resources.
According to examples of the present disclosure, the method for allocating QKD network resources may include:
obtaining a network structure of a QKD network;
constructing a key topology according to distributions of quantum key resources in the QKD network;
in response to arrival of a service requiring encryption, determining whether the service is delay sensitive or not;
when the service is delay sensitive, distributing quantum key resources to the service according to the key topology; and
when the service is not delay sensitive, distributing quantum key resources to the service according to the network structure of the QKD network.
According to examples of the present disclosure, the nodes in the network structure represent quantum nodes in the QKD network; the lines among the nodes in the network structure represent physical connections among the quantum nodes in the QKD network.
According to examples of the present disclosure, the nodes in the key topology represent quantum nodes in the QKD network; and a line between any two of the nodes in the key topology represent that a shared key pair exists between the quantum nodes in the QKD network.
According to examples of the present disclosure, the method may further include the following steps before the service arrives:
taking any two quantum nodes in the QKD network as a node pair to form at least one node pair of the QKD network;
calculating all paths between each node pair according to the network structure to form a network structure path set of each node pair; and
calculating all paths between each node pair according to the key topology to form a key topology path set of each node pair.
According to examples of the present disclosure, determining whether the service is delay sensitive or not may include the following steps:
detecting whether a delay tolerance parameter is set or not for the service; wherein, the delay tolerance parameter represents the number of encryptions/decryptions that is accepted by the service;
when a delay tolerance parameter is set for the service, determining that the service is delay sensitive; and
when a delay tolerance parameter is not set for the service, determining that the service is not delay sensitive.
According to examples of the present disclosure, distributing quantum key resources to the service according to the key topology may include the following steps:
obtaining the node pair of the source node and the destination node of the service, and the delay tolerance parameter of the service;
selecting at least one path satisfying the delay tolerance parameter from the key topology path set of the node pair; and
distributing the quantum key resources to the service through the at least one path selected.
According to examples of the present disclosure, selecting at least one path satisfying the delay tolerance parameter from the key topology path set of node pair may include the following steps:
obtaining at least one path with relay hops less than the delay tolerance parameter from the key topology path set of the node pair, and selecting the at least one path from the at least one path according to the K-shortest path algorithm.
According to examples of the present disclosure, distributing quantum key resources to the service according to the network structure of the QKD network may include:
obtaining the node pair of the source node and the destination node of the service;
selecting at least one path from the network structure path set of the node pair according to the K-shortest path algorithm; and
distributing the quantum key resources to the service through the at least one path selected.
According to examples of the present disclosure, the method may further include:
after distributing the quantum key resources to the service, selecting at least one path from the network structure path set of the node pair according to the FF algorithm; and
distributing wavelength resources to the service through the at least one path selected.
According to examples of the present disclosure, the method may further include:
determining whether the wavelength resources allocated meets the requirements of the service;
when the wavelength resources allocated does not meet the requirements of the service, blocking the service is blocked, and when the wavelength resources allocated meets the requirements of the service, locking the wavelength resources allocated to the service.
According to examples of the present disclosure, locking the wavelength resources allocated to the service comprises: selecting and locking wavelength resources to be occupied in the set of links in the network structure of the QKD network.
According to examples of the present disclosure, the method may further include:
determining whether the amount of the quantum key resources allocated meets the requirements of the service;
when the amount of the quantum key resource allocated does not meet the requirements of the service, blocking the service is blocked and discarding the service, and when the amount of the quantum key resource allocated meets the requirements of the service, locking the quantum key resources allocated to the service.
According to examples of the present disclosure, locking the quantum key resources allocated to the service comprises: selecting and locking key slot resources in the virtual quantum key pool to be occupied by the service.
Examples of the present disclosure also provide a device for allocating QKD network resources, which can be used to realize the above method for allocating the QKD network resources. The device may include:
a topology acquisition module, configured to acquire the network structure of a QKD network and construct a key topology according to distributions of quantum key resources in the QKD network;
a service judgment module, configured to determine, in response to arrival of a service requiring encryption, whether the service is delay sensitive or not;
a first distribution module, configured to distribute quantum key resources to the service according to the key topology when the service is delay sensitive; and
a second distribution module, configured to distribute quantum key resources to the service according to the network structure when the service is not delay sensitive.
As can be seen from the above description, the method and the device for allocating QKD network resources provided by examples of the present disclosure can obtain the network structure and construct a key topology according to the distributions of the quantum key resources in the QKD network, thus the quantum key resources distribution for delay-sensitive services according to the key topology and the quantum key resources distribution for delay-insensitive services according to the network structure can be carried out. Therefore, services with multiple delay requirements can be flexibly processed. And limited quantum key resources of the QKD network can be utilized efficiently.
BRIEF DESCRIPTION OF DRAWINGS
FIG. 1 is a schematic diagram illustrating a communication process of a quantum network.
FIG. 2 is a flow diagram illustrating a method for allocating QKD network resources according to some examples of the present disclosure.
FIG. 3 is a diagram illustrating the architecture of a QKD network with five nodes according to some examples of the present disclosure.
FIG. 4 is a diagram illustrating the network structure of a QKD network according to some examples of the present disclosure.
FIG. 5 is a diagram illustrating the key topology of a QKD network according to some examples of the present disclosure.
FIG. 6 is a flow diagram illustrating a method for allocating QKD network resources according to some other examples of the present disclosure.
FIG. 7 is a diagram illustrating the architecture of a QKD network with three nodes according to some examples of the present disclosure.
FIG. 8 is a diagram illustrating the structure of a device for allocating QKD network resources according to some examples of the present disclosure.
 DETAILED DESCRIPTION OF THE EMBODIMENTS
Descriptions of the present disclosure will be rendered by reference to specific examples which are illustrated in the appended drawings.
FIG. 1 is a schematic diagram illustrating a communication process of a quantum network. According to FIG. 1, the quantum network may include a plurality of quantum nodes and a plurality of links. Wherein, the quantum nodes may be configured to implement functions such as receiving, transmitting and storing. And channels in the links may be divided into synchronization optical channels, quantum channels and negotiation channels. The synchronization optical channel may be used for transmitting a periodic optical signal to assist the synchronization process. The quantum channel may be used for transmitting quantum optical signals. And the negotiation channel may be used for transmitting negotiation information such as basis vector comparison information, bit error information, verification information and the like. Assuming that a key service is to be transmitted from the quantum node 1 to the quantum node 3, in this case, an encryption may be first performed at the quantum node 1 to form a key service including a synchronization optical signal, a quantum signal and a negotiation signal, and then the key service may be transmitted to the quantum node 2 through three channels respectively. After receiving the key, the quantum node 2 may first decrypt the key service. And the same encryption process may be performed at the quantum node 2 as that of the quantum node 1. Then the quantum node 2 may further transmit the key service to the quantum node 3. And finally, the quantum node 3 may decrypt the key service.
It can be seen that two encryption/decryption operations on the quantum keys allocated are performed, which may consume a certain period of time. Thus, a certain time delay may occur in the current key distribution process. And this delay may not meet the requirements of the services.
FIG. 2 is a flow diagram illustrating a method for allocating QKD network resources according to some examples of the present disclosure. According to FIG. 2, the method for allocating QKD network resources may include:
In S1, the network structure of a QKD network is obtained, and a key topology of the QKD network is constructed according to distributions of quantum key resources in the QKD network.
According to examples of the present disclosure, the network structure generally represents an actual linking status of network nodes, i.e. nodes, links, and etc. The nodes in the network structure represent quantum nodes in the QKD network, and the lines among the nodes in the network structure represent physical connections among the quantum nodes. And in the QKD network, virtual quantum key resources may be pre-configured in some remote node pairs to avoid quantum key relays between a remote node pair. That is, a virtual quantum key pool would be pre-configured for each remote node pair. In the virtual quantum key pool, quantum key resources pre-configured for the remote node pair are stored. Therefore, when distributing quantum key resources within the whole network, it would be difficult to represent the distributions of quantum key resources only relaying on the network structure of the QKD network.
In order to represent the distributions of quantum key resources in a QKD network directly and accurately, a key topology of the QKD network is defined. As quantum keys in the QKD network always appear in pairs and are held together by a network node pair. Moreover, the quantum keys are virtualized as virtual quantum key pools in the QKD network. In this case, the nodes in the key topology represent quantum nodes of the QKD network, and a line connecting a node pair represents a virtual quantum key pool of the node pair, wherein the line does not represent a physical connection, nor a spatial distance, but represents that shared key pairs exist between the two nodes of the node pair. The attributes of the line may include the number of quantum keys pre-configured and the number of hops between two nodes in the network.
For example, FIG. 3 is a diagram illustrating the architecture of a QKD network with five nodes, in which a quantum key distribution can be performed between any two nodes. If there is no advanced deployment of quantum key resources, the key topology may be consistent with the network structure of QKD network. However, actually there would be enough quantum key resources deployed in advance through relaying between any two nodes in the QKD network, and the virtual quantum key pool is shown as the QKD layer in FIG. 3, therefore the network structure of the QKD network would be shown as FIG. 4, and the key topology of the QKD network would be shown as FIG. 5.
In S2, in response to arrival of a service requiring encryption, whether the service is delay sensitive or not would be determined; and when the service is delay sensitive, proceed to S3, and when the service is not delay sensitive, proceed to S4.
According to examples of the present disclosure, there would be two types of services that require encryption. One is delay-sensitive services, such as high-frequency information relating to the stock market, encrypted instant messages and the like. And the delay tolerance (DT) of this kind of services is low. The other type of services is delay-insensitive services, such as encrypted file transmission, encrypted information distribution, encrypted data migration and so on. And the DT of this kind of services is relatively high.
Specifically, S2 may include the following steps: in response to arrival of the service, detecting whether of a DT parameter is set for the service or not; wherein, the DT parameter represents the number of encryption/decryption operations accepted by the service.
When a DT parameter is set for the service, determining that the service is delay sensitive.
When a DT parameter is not set for the service, determining that the service is not delay sensitive.
It should be noted that for the delay-sensitive services a parameter can be set. Here, the DT of a service may indicate the tolerance on delay of the service, i.e. how many times of encryption/decryption operations performed by the relay nodes that the service can tolerate. The smaller the DT indicates the higher the requirements on the delay of the service.
According to examples of the present disclosure, before S2, the method may further include:
taking any two quantum nodes in the QKD network as a node pair to form at least one node pair;
calculating all paths between each node pair according to the network structure to form a network structure path set of each node pair; and
calculating all paths between each node pair according to the key topology to form a key topology path set of each node pair.
Note that in examples of the present disclosure, the number of hops between the node pair of the source node and the destination node would be taken as an evaluation criterion for the paths in the network structure and in the key topology. According to the k-shortest paths (KSP) algorithm, all the paths between the nodes of each node pair in the network structure would be calculated in advance. And all the paths between the nodes of each node pair may be sorted from small to large according to the number of hops, and the sorting result would be stored as the network structure path set in the corresponding nodes of the node pair. And when allocating quantum key resources, the node may select a path from the network structure path set stored in itself. In the same way, all the paths between the nodes of each node pair in the key topology would be calculated in advance according to the KSP algorithm. And all the paths between the nodes of each node pair would be sorted from small to large according to the number of hops, and the sorting result would be stored as a key topology path set in the corresponding nodes of the node pair. And when allocating quantum key resources, the node may select at least one path from the key topology path set stored in itself.
In S3, quantum key resources are distributed to the service according to the key topology.
According to examples of the present disclosure, the quantum key resources of a delay-sensitive service should not be carried by a path that has multiple relays. That is because excessive delays may be added every time the quantum key is encrypted and decrypted by a relay node. And this delay would not meet the requirements of this type of service. A best way to distribute quantum key resources is to transmit the quantum key resources without any encryption or decryption operation of the relay node. That is, a lowest delay of a service would be obtained when only one encryption operation is performed at the source node and only one decryption operation is performed at the destination node. Therefore, for the delay-sensitive services, the quantum key resources stored in the virtual quantum key pool of a node pair should be used.
Specifically, S3 may include the following steps:
obtaining the node pair of the source node and the destination node, and the DT parameter of the service;
selecting at least one path satisfying the DT parameter from the key topology path set of the node pair; and
distributing the quantum key resources to the service through the at least one path selected.
According to examples of the present disclosure, selecting at least one path satisfying the DT parameter from the key topology path set of node pair may include the following steps:
obtaining at least one path with the number of hops of relays less than the DT parameter from the key topology path set of the node pair; and
selecting one or more paths from the at least one path according to the K-shortest path algorithm.
It should be noted that the DT in a key topology is used to represent the delay requirements of a service, and the DT in a QKD network can be considered as the number of hops between two nodes in the key topology. And after a delay-sensitive service that requires encryption arrives, paths of the network structure path set are traversed and selected corresponding to the node pair of the source node and the destination node. In this step, all the paths in the network structure path set corresponding to node pair of the source node and the destination node with the number of hops of relays smaller than the DT of the service would be selected. And quantum key resources required by the service would be distributed through the at least one path selected according to the k-shortest path algorithm (note that multiple paths can be selected according to the k-shortest path algorithm, and the quantum key resources distributed by the multiple paths can be accumulated).
In S4, quantum key resources are distributed to the service according to the network structure.
It should be noted that there are many alternative paths that can be selected for delay-insensitive services, and the quantum key resources of the service may even be transferred along a quantum key distribution path. In addition, under the severe condition that the number of quantum keys stored in the virtual quantum key pool of a node pair is insufficient, it is reasonable to sacrifice the delay performance to some extent while distributing key resources to delay-insensitive services.
Specifically, S4 may include the following steps:
obtaining the node pair of the source node and the destination node of the service;
selecting at least one path from the network structure path set of the node pair according to the K-shortest path algorithm; and
distributing the quantum key resources to the service through the at least one path selected.
It should be noted that after the arrival of delay-insensitive services, attempts may be made to allocate sufficient quantum key resources for each service. That is, quantum key resources required by each service are allocated according to the K-shortest path algorithm from the network structure path set corresponding to the node pair of the source node and the destination node (note that multiple paths can be selected according to the k-shortest path algorithm, and the quantum key resources distributed by the multiple paths can be accumulated).
According to examples of the present disclosure, the method may further include: when detecting that the quantum key resources available cannot meet the requirements of the service, the service is determined to be blocked and then the service will be discarded.
It should be noted that when allocating quantum key resources to a service that requires encryption, if no virtual quantum key pool that meets the requirements of the service can be found, the service may be blocked. And then a next service that requires encryption may be processed.
According to examples of the present disclosure, the method may further include: after distributing the quantum key resources to the service, selecting at least one path from the network structure path set of the node pair of the source node and the destination node according to the first-fit (FF) algorithm; and distributing wavelength resources to the service through the at least one path selected. To be noted, the FF algorithm is only an option that could be used to select the path, other algorithm can be adopted in embodiments of the present disclosure.
It is to be noted that, if sufficient quantum key resources have been allocated to a service that requires encryption, wavelength resources may be allocated to the service based on the network structure. Specifically, the paths in the network structure path set corresponding to the node pair of the source node and the destination node are traversed, and wavelength resources are allocated to the service based on the FF algorithm. And if the wavelength resources allocated to the service are not sufficient, the service may be blocked, and a next service that requires encryption may be then processed.
FIG. 6 is a flow diagram illustrating the process of a method for allocating QKD network resources according to some other examples of the present disclosure. Referring to FIG. 6, the method may include:
In S601, in response to arrival of a delay-sensitive service requiring encryption, quantum key resources are allocated to the service according to the sequence of paths in the key topology path set, and then proceed to step S603.
In S602, in response to arrival of a delay-insensitive service requiring encryption, quantum key resources are allocated to the service according to the sequence of paths in the network structure path set, and then proceed to step S603.
In S603, whether the amount of the quantum key resources allocated meets the requirements of the service is determined, when the amount of the quantum key resource allocated does not meet the requirements of the service, proceed to step S604, and when the amount of the quantum key resource allocated meets the requirements of the service, proceed to step S605.
In S604, it is determined that the service does not have enough quantum key resources, the connection is blocked. And then a next service may be processed.
In S605, the quantum key resources allocated to the service are locked.
In particular, according to examples of the present disclosure, the quantum key resources in the virtual quantum key pool to be occupied by the service are selected and locked.
In S606, the status of the quantum key resource of the QKD network is updated.
In particular, according to examples of the present disclosure, the occupancy status of quantum key resources in each virtual quantum key pool of the QKD network is updated.
In S607, wavelength resources are allocated to the service according to the network structure path set.
In S608, whether the wavelength resources allocated meets the requirements of the service is determined, when the wavelength resources allocated does not meet the requirements of the service, proceed to step S609, and when the wavelength resources allocated meets the requirements of the service, proceed to step S610.
In S609, it is determined that the wavelength resources are not available for the service, and the service is blocked. Then a next service that requires encryption may be processed. Here, according to examples of the present disclosure, when the service is blocked, the quantum key resources locked in step S605 may be released.
In S610, the wavelength resources allocated are locked.
In particular, according to examples of the present disclosure, the wavelength resources to be occupied in a set of links that are occupied in the network structure of the QKD network are selected and locked. To be noted, in the present disclosure, a link may refer to a node-to-node QKD link; while a path may refer to a path between two nodes of a remote node pair formed by at least one QKD link.
In S611, the quantum key resources are relayed by relay nodes between the node pair of the source node and the destination node.
In particular, according to examples of the present disclosure, the key resources required by the service are obtained by the node pair of the source node and the destination node by relaying.
In S612, the service is carried out utilizing the quantum key resources allocated.
In particular, according to examples of the present disclosure, the quantum key resources (a quantum key pair) allocated are used for encrypting the data service. And the encrypted data service is then transmitted to the destination node by the source node.
In S613, the occupation of the wavelength resources in the QKD network is updated. And then a next service that requires encryption may be processed.
In the following, the method for allocating QKD network resources is illustrated taking a three-node QKD network as an example.
FIG. 7 is a diagram illustrating the architecture of a QKD network with three nodes according to some examples of the present disclosure. As shown in FIG. 7, the QKD network includes two QKD subsystems. Wherein, the first QKD subsystem includes quantum node A and quantum node B, and the second QKD subsystem includes quantum node A and quantum node C. Quantum key pairs would be pre-stored in corresponding quantum node pairs such as the quantum node A and the quantum node B (hereinafter named node pair AB), and the quantum node A and the quantum node C (hereinafter named node pair AC). Moreover, QKD optical fibers between the node pair AB can generate true random number sequences (quantum key resources) for the node pair AB, and QKD optical fibers between the node pair AC can generate true random number sequences (quantum key resources) for the node pair AC. And a key management server A-B may be deployed between the node pair AB and a key management server A-C may be deployed between the node pair AC. For there are only data fibers but no QKD optical fibers between the quantum node B and the quantum node C (hereinafter named node pair BC), and there is a virtual quantum key pool between the node pair BC in which there stores quantum key resources, the quantum key resources between the node pair BC may be obtained by relaying quantum keys between the node pairs AB and AC, and a key management server B-C may be deployed to manage the status, the extraction and the injection of the quantum keys between the node pair BC. The rectangular in FIG. 7 are used to represent quantum key resources in a virtual quantum key pool, dark colors represent delay-sensitive services, and light colors represent delay-insensitive services.
When a delay-sensitive service arrives at the node pair BC, the key management server B-C is used to distribute quantum key resources from the virtual quantum key pool of the node pair BC to carry out the service. When a delay-insensitive service arrives at the node pair BC, the key management servers A-B and A-C are used to distribute quantum key resources from the virtual quantum key pool of the node pair AB and from the virtual quantum key pool of the node pair AC to carry out the service.
According to the method for allocating QKD network resources provided by the present disclosure, the network structure of the QKD network is obtained and a key topology can be constructed according to the distributions of quantum key resources in the QKD network. For delay-sensitive services, quantum key resources are distributed according to the key topology, and for delay-insensitive services, quantum key resources are distributed according to the network structure of the QKD network. In this method, services with multiple delay requirements can be processed flexibly and limited key resources of the QKD network can be utilized efficiently.
Accordingly, examples of the present disclosure also provide a device for allocating QKD network resources which can realize the processes of the above QKD network resource allocation method.
FIG. 8 is a diagram illustrating the structure of a device for allocating QKD network resources according to some examples of the present disclosure. Referring to FIG. 8, the device may include:
a topology acquisition module 1, configured to obtain the network structure of the QKD network and construct a key topology according to distributions of quantum key resources in the QKD network;
a service judgment module 2, configured to determine, in response to arrival of a service requiring encryption, whether the service is delay sensitive or not;
a first distribution module 3, configured to distribute quantum key resources to the service according to the key topology when the service is delay sensitive; and
a second distribution module 4, configured to distribute quantum key resources to the service according to the network structure when the service is not delay sensitive.
According to the device for allocating QKD network resources provided by the present disclosure, the network structure of the QKD network is obtained and a key topology can be constructed according to the distributions of quantum key resources in the QKD network. For delay-sensitive services, quantum key resources are distributed according to the key topology, and for delay-insensitive services, quantum key resources are distributed according to the network structure. In this method, services with multiple delay requirements can be processed flexibly and limited key resources of the QKD network can be utilized efficiently.
Examples of the present disclosure also provide a device for allocating QKD network resources, which may include: one or more processors, one or more memories, and a communication bus configured to couple the one or more processors and the one or more memories; wherein the one or more memories store one or more instructions, and when executed by the one or more processors, the instructions cause the one or more processors to perform the above method for allocating QKD network resources.
Examples of the present disclosure also provide a non-transitory computer-readable storage medium, including one or more instructions, when executed by one or more processors, cause the one or more processors to perform the above method for allocating QKD network resources.
One of ordinary skill in the art will appreciate that: the discussion of any of the above examples is merely exemplary and is not intended to imply that the scope of the disclosure, including the claims, is limited to these examples; the above examples or technical features in different examples may also be combined under the idea of the invention, the steps may be implemented in any order, and there are many other variations of different aspects of the invention as described above, which are not provided in detail for the sake of brevity.
In addition, well-known power/ground connections to integrated circuit (IC) chips and other components may or may not be shown in the figures provided for simplicity of illustration and discussion and to not obscure the present invention. Furthermore, means may be shown in block diagram form in order to avoid obscuring the invention, and this also takes into account the fact that details regarding implementations of such block diagram means are highly dependent on the platform in which the invention is to be implemented (i.e., such details should be well within the purview of one skilled in the art). While specific details (e.g., circuits) have been set forth in order to describe exemplary examples of the application, it will be apparent to those skilled in the art that the application may be practiced without these specific details or with variations of these specific details. Accordingly, the description is to be regarded as illustrative in nature, and not as restrictive.
While the application has been described in conjunction with specific examples thereof, many alternatives, modifications and variations thereof will be apparent to those skilled in the art in light of the foregoing description. For example, other memory architectures (e.g., dynamic RAM (DRAM)) may use the examples discussed.
The present examples are intended to embrace all such alternatives, modifications and variances that fall within the broad scope of the appended claims. Therefore, it is intended that any omissions, modifications, equivalents, improvements and the like be included within the spirit and scope of the present invention.

Claims (16)

What is claimed is:
1. A method for allocating quantum key distribution (QKD) network resources, comprising:
obtaining a network structure of a QKD network;
constructing a key topology according to distributions of quantum key resources in the QKD network;
in response to arrival of a service requiring encryption, determining whether the service is delay sensitive;
when the service is delay sensitive, distributing the quantum key resources to the service according to the key topology of the QKD network; and
when the service is not delay sensitive, distributing the quantum key resources to the service according to the network structure of the QKD network.
2. The method of claim 1, wherein, nodes in the network structure represent quantum nodes in the QKD network; and lines among the nodes in the network structure represent physical connections among the corresponding quantum nodes in the QKD network.
3. The method of claim 1, wherein, nodes in the key topology represent quantum nodes in the QKD network; and a line between any two of the nodes in the key topology represent that a shared quantum key pair exists between the corresponding quantum nodes in the QKD network.
4. The method of claim 1, further comprising:
before the service that requires encryption arrives, taking any two quantum nodes in the QKD network as a node pair to form at least one node pair;
calculating all paths between each node pair according to the network structure to form a network structure path set of each node pair; and
calculating all paths between each node pair according to the key topology to form a key topology path set of each node pair.
5. The method of claim 4, wherein determining whether the service is delay sensitive comprises:
detecting whether a delay tolerance DT parameter is set for the service; wherein, the DT parameter represents a number of encryption/decryption operations which can be accepted by the service;
when a DT parameter is set for the service, determining that the service is delay sensitive; and
when a DT parameter is not set for the service, determining that the service is delay insensitive.
6. The method of claim 5, wherein distributing quantum key resources to the service according to the key topology of the QKD network comprises:
obtaining the node pair of the source node and the destination node of the service, and the DT parameter of the service;
selecting at least one path satisfying the DT parameter from the key topology path set of the node pair; and
distributing the quantum key resources to the service through the at least one path selected.
7. The method of claim 6, wherein, selecting at least one path satisfying the DT parameter from the key topology path set of the node pair comprises:
obtaining at least one path with a number of hops of relays less than the DT parameter from the key topology path set of the node pair; and
selecting one or more paths from the at least one path according to a K-shortest path algorithm.
8. The method of claim 6, further comprising:
after distributing the quantum key resources to the service, selecting at least one path from the network structure path set of the node pair according to a first-fit (FF) algorithm; and
distributing wavelength resources to the service through the at least one path selected.
9. The method of claim 4, wherein distributing quantum key resources to the service according to the network structure of the QKD network comprises:
obtaining the node pair of the source node and the destination node of the service;
selecting at least one path from the network structure path set of the node pair according to a K-shortest path algorithm; and
distributing the quantum key resources to the service through the at least one path selected.
10. The method of claim 9, further comprising:
after distributing the quantum key resources to the service, selecting at least one path from the network structure path set of the node pair according to the FF algorithm; and
distributing wavelength resources to the service through the at least one path selected.
11. The method of claim 10, further comprising:
determining whether the wavelength resources allocated meets requirements of the service;
when the wavelength resources allocated does not meet the requirements of the service, blocking the service is blocked, and
when the wavelength resources allocated meets the requirements of the service, locking the wavelength resources allocated to the service.
12. The method of claim 11, wherein, locking the wavelength resources allocated to the service comprises: selecting and locking wavelength resources to be occupied in a set of links in the network structure of the QKD network.
13. The method of claim 1, further comprising:
determining whether an amount of the quantum key resources allocated meets requirements of the service;
when the amount of the quantum key resource allocated does not meet the requirements of the service, blocking the service is blocked and discarding the service, and
when the amount of the quantum key resource allocated meets the requirements of the service, locking the quantum key resources allocated to the service.
14. The method of claim 13, wherein, locking the quantum key resources allocated to the service comprises: selecting and locking key slot resources in a virtual quantum key pool to be occupied by the service.
15. A device for allocating QKD network resources, comprising:
one or more processors, one or more memories, and a communication bus configured to couple the one or more processors and the one or more memories;
wherein the one or more memories store one or more instructions, and when executed by the one or more processors, the instructions cause the one or more processors to perform a method for allocating quantum key distribution (QKD) network resources;
wherein, the method comprises:
obtaining a network structure of a QKD network;
constructing a key topology according to distributions of quantum key resources in the QKD network;
in response to arrival of a service requiring encryption, determining whether the service is delay sensitive;
when the service is delay sensitive, distributing the quantum key resources to the service according to the key topology of the QKD network; and
when the service is not delay sensitive, distributing the quantum key resources to the service according to the network structure of the QKD network.
16. A non-transitory computer-readable storage medium, comprising one or more instructions, when executed by one or more processors, cause the one or more processors to perform a method for allocating quantum key distribution (QKD) network resources; wherein, the method comprises:
obtaining a network structure of a QKD network;
constructing a key topology according to distributions of quantum key resources in the QKD network;
in response to arrival of a service requiring encryption, determining whether the service is delay sensitive;
when the service is delay sensitive, distributing the quantum key resources to the service according to the key topology of the QKD network; and
when the service is not delay sensitive, distributing the quantum key resources to the service according to the network structure of the QKD network.
US16/732,539 2019-05-08 2020-01-02 Method and device for allocating QKD network resources and computer-readable storage medium thereof Active 2040-06-05 US11190347B2 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201910380704.9 2019-05-08
CN201910380704.9A CN110224815B (en) 2019-05-08 2019-05-08 QKD network resource allocation method and system

Publications (2)

Publication Number Publication Date
US20200358606A1 US20200358606A1 (en) 2020-11-12
US11190347B2 true US11190347B2 (en) 2021-11-30

Family

ID=67820639

Family Applications (1)

Application Number Title Priority Date Filing Date
US16/732,539 Active 2040-06-05 US11190347B2 (en) 2019-05-08 2020-01-02 Method and device for allocating QKD network resources and computer-readable storage medium thereof

Country Status (2)

Country Link
US (1) US11190347B2 (en)
CN (1) CN110224815B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20240430080A1 (en) * 2021-11-10 2024-12-26 Jinan Institute Of Quantum Technology Quantum key-based blockchain network and data secure transmission method
US12489613B2 (en) 2022-12-19 2025-12-02 Electronics And Telecommunications Research Institute Method and device for QoS assurance of quantum key distribution network based on machine learning and autonomic life cycle management

Families Citing this family (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US12003627B2 (en) * 2019-09-12 2024-06-04 General Electric Company Communication system and method for applying quantum key distribution security for a time sensitive network
CN112422283B (en) * 2020-11-19 2024-03-29 北京电子科技学院 Quantum key transmission method
CN112910642B (en) * 2021-03-01 2022-05-31 北京邮电大学 Method and system for resource allocation of Internet of things based on quantum key
CN113179154B (en) * 2021-03-25 2022-07-01 北京邮电大学 Resource joint allocation method and related equipment in quantum key distribution Internet of things
CN113179514B (en) * 2021-03-25 2022-08-05 北京邮电大学 Quantum key distribution method and related equipment in relay coexistence scenario
CN114024666B (en) * 2021-09-15 2023-04-25 北京邮电大学 Quantum key distribution method and system
US11895234B2 (en) * 2021-09-30 2024-02-06 Juniper Networks, Inc. Delayed quantum key-distribution
CN114024824B (en) * 2021-10-27 2023-11-17 中国人民解放军战略支援部队信息工程大学 Quantum network management system
CN114071264B (en) * 2021-11-12 2024-01-23 国网上海市电力公司 Communication method for network services on endogenous secure optical network and endogenous secure optical network
CN114124383B (en) * 2021-11-30 2024-01-16 中国人民解放军国防科技大学 Address hopping pattern generation method and device for multiplexing synchronous light and computer equipment
CN114302266B (en) * 2021-12-13 2022-10-18 苏州大学 A method and system for resource allocation in quantum key distribution light network
CN114124384B (en) * 2022-01-26 2022-04-29 浙江九州量子信息技术股份有限公司 QKD network virtualization method and quantum key cloud platform
US12367089B2 (en) * 2022-12-07 2025-07-22 Red Hat, Inc. Quantum service circuit breaker
CN116633702B (en) * 2023-07-25 2023-10-31 广东广宇科技发展有限公司 Data transmission method based on symmetric encryption
CN118692618B (en) * 2024-07-05 2025-01-28 常州市中医医院(常州市孟河医学研究院) Method, device and equipment for remote collection and processing of medical information based on 5G scenario
CN118540060B (en) * 2024-07-25 2024-12-10 中电信量子信息科技集团有限公司 Key pool scheduling method, device, edge gateway, Internet of Things system and medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070114751A1 (en) * 2005-11-21 2007-05-24 Magiq Technologies, Inc. Optical fiber interferometer with relaxed loop tolerance and QKD system using same
US7706535B1 (en) * 2003-03-21 2010-04-27 Bbn Technologies Corp. Systems and methods for implementing routing protocols and algorithms for quantum cryptographic key transport
US20170237558A1 (en) * 2016-02-15 2017-08-17 Alibaba Group Holding Limited System and method for quantum key distribution
US20190260581A1 (en) * 2016-11-04 2019-08-22 Huawei Technologies Co., Ltd. Quantum key relay method based on centralized management and control network, and apparatus
US11072356B2 (en) * 2016-06-30 2021-07-27 Transportation Ip Holdings, Llc Vehicle control system

Family Cites Families (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2009093036A2 (en) * 2008-01-25 2009-07-30 Qinetiq Limited Quantum cryptography apparatus
CN102325039A (en) * 2011-06-09 2012-01-18 国网电力科学研究院 ASON (Automatically Switched Optical Network) optimization design method orienting to electric power control business
CN102394745B (en) * 2011-11-15 2014-12-24 北京邮电大学 Quality of service realization method applied to quantum key distribution network
CN103763096B (en) * 2014-01-17 2018-02-09 北京邮电大学 Random key distribution method and apparatus
CN105827397B (en) * 2015-01-08 2019-10-18 阿里巴巴集团控股有限公司 Quantum key distribution system, method and device based on trusted relay
CN107508671B (en) * 2017-08-18 2020-06-12 北京邮电大学 Business communication method and device based on quantum key distribution
CN108124003B (en) * 2017-12-11 2021-03-26 中盈优创资讯科技有限公司 Network management equipment connection processing method, device and system
CN108134669B (en) * 2018-01-11 2020-12-08 北京中电普华信息技术有限公司 Quantum key dynamic supply method and management system for power dispatching business
CN109005034B (en) * 2018-09-19 2020-10-02 北京邮电大学 Multi-tenant quantum key supply method and device

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7706535B1 (en) * 2003-03-21 2010-04-27 Bbn Technologies Corp. Systems and methods for implementing routing protocols and algorithms for quantum cryptographic key transport
US20070114751A1 (en) * 2005-11-21 2007-05-24 Magiq Technologies, Inc. Optical fiber interferometer with relaxed loop tolerance and QKD system using same
US20170237558A1 (en) * 2016-02-15 2017-08-17 Alibaba Group Holding Limited System and method for quantum key distribution
US11072356B2 (en) * 2016-06-30 2021-07-27 Transportation Ip Holdings, Llc Vehicle control system
US20190260581A1 (en) * 2016-11-04 2019-08-22 Huawei Technologies Co., Ltd. Quantum key relay method based on centralized management and control network, and apparatus

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20240430080A1 (en) * 2021-11-10 2024-12-26 Jinan Institute Of Quantum Technology Quantum key-based blockchain network and data secure transmission method
US12489613B2 (en) 2022-12-19 2025-12-02 Electronics And Telecommunications Research Institute Method and device for QoS assurance of quantum key distribution network based on machine learning and autonomic life cycle management

Also Published As

Publication number Publication date
US20200358606A1 (en) 2020-11-12
CN110224815A (en) 2019-09-10
CN110224815B (en) 2021-02-09

Similar Documents

Publication Publication Date Title
US11190347B2 (en) Method and device for allocating QKD network resources and computer-readable storage medium thereof
KR100627445B1 (en) Reservation based media access controller and optical network
US11595197B2 (en) Communication device, communication method, and communication method for performing communication using shared quantum key
US11424836B2 (en) Path computation engine and method of configuring an optical path for quantum key distribution
KR102327941B1 (en) Quantum cryptographic key relay method and device based on centralized management and control network
CN109743164B (en) Method and device for channel resource allocation in a quantum satellite network
CN110149204B (en) Key resource distribution method and system for QKD network
CN110213040B (en) Service quality control method and device for quantum key distribution service
CN107294960B (en) A security method for software-defined network control channel
KR20210032094A (en) Method, apparatus and system for quantum cryptography key distribution
CN102130769A (en) A Model and Method for Quantum Key Distribution Request Control and Automatic Implementation
US20160359625A1 (en) Receiver, transmitter, communication system, and communication method
US20140023192A1 (en) Communication device, communication method, and communication system
CN109005030B (en) A method and system for protecting key services in a quantum network
US20200358598A1 (en) Method, Device of Secret-Key Provisioning and Computer-Readable Storage Medium thereof
US20250373416A1 (en) User base device, cryptographic communication system, and cryptographic communication method
US12341879B2 (en) Key management device, quantum cryptography communication system, and computer program product
JP7612557B2 (en) Quantum cryptography storage system, distributed control device and program
AU2020102953A4 (en) Method and device of secret-key provisioning
González et al. A sub-graph mapping-based algorithm for virtual network allocation over flexible grid networks
Sharma et al. Priority order-based key distribution in QKD-secured optical networks
CN117220857A (en) Path optimization method based on quantum communication network
CN112073181B (en) Key distribution method among QKD networks, metro nodes and their access networks
Wang et al. A novel shared backup path protection scheme in time-division-multiplexing based QKD optical networks
Ning et al. Soft-reservation based resource allocation in optical networks secured by quantum key distribution (QKD)

Legal Events

Date Code Title Description
AS Assignment

Owner name: BEIJING UNIVERSITY OF POSTS AND TELECOMMUNICATIONS, CHINA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:ZHAO, YONGLI;LIU, XIANG;YU, XIAOSONG;AND OTHERS;REEL/FRAME:051399/0951

Effective date: 20191227

FEPP Fee payment procedure

Free format text: ENTITY STATUS SET TO UNDISCOUNTED (ORIGINAL EVENT CODE: BIG.); ENTITY STATUS OF PATENT OWNER: SMALL ENTITY

FEPP Fee payment procedure

Free format text: ENTITY STATUS SET TO SMALL (ORIGINAL EVENT CODE: SMAL); ENTITY STATUS OF PATENT OWNER: SMALL ENTITY

STPP Information on status: patent application and granting procedure in general

Free format text: DOCKETED NEW CASE - READY FOR EXAMINATION

STPP Information on status: patent application and granting procedure in general

Free format text: NON FINAL ACTION MAILED

STPP Information on status: patent application and granting procedure in general

Free format text: RESPONSE TO NON-FINAL OFFICE ACTION ENTERED AND FORWARDED TO EXAMINER

STPP Information on status: patent application and granting procedure in general

Free format text: NOTICE OF ALLOWANCE MAILED -- APPLICATION RECEIVED IN OFFICE OF PUBLICATIONS

STPP Information on status: patent application and granting procedure in general

Free format text: PUBLICATIONS -- ISSUE FEE PAYMENT VERIFIED

STCF Information on status: patent grant

Free format text: PATENTED CASE

MAFP Maintenance fee payment

Free format text: PAYMENT OF MAINTENANCE FEE, 4TH YR, SMALL ENTITY (ORIGINAL EVENT CODE: M2551); ENTITY STATUS OF PATENT OWNER: SMALL ENTITY

Year of fee payment: 4